Choosing the right biometric technology in the new normal

Access & Identity Management Handbook 2021 Access Control & Identity Management

Nowadays, positively identifying an individual requires more than a badge or a PIN. Biometrics, widely acknowledged as the most accurate form of identification, is increasingly incorporated into the security protocols across industries. We explore the various biometric modalities available and review how the market has been impacted by the current pandemic. Furthermore, we share recommendations for successful biometric deployments in this very special context.

When what you have and what you know … are not enough

Multi-factor authentication is very famous in the security industry. It consists of increasing the security level by requiring something you have (a token such as a badge or a card), something you know (a PIN code or password) and/or something you are (your physical attributes like biometrics).

Tokens and PIN codes can be stolen, shared or broken. This is not the case with biometrics. Biometrics are the only means of authentication today which can ensure that, for instance, the person passing through a gate is a genuine employee with actual access rights. Coupled with the right biometric access control technology, all business rules and regulations can be enforced specifically for the person trying to gain access, and depending on the use case: compliance for mining, health check, sobriety check, etc.

Long gone is the time when biometrics were reserved for government agencies. Today, it can benefit everybody, from companies to gated communities.

Which biometrics?

Biometric data are extracted from a human body part (a face, a finger or an iris) through the isolation of multiple reference points converted via an algorithm into a digital record (‘template’). This template is stored in the biometric device or on a server, and used as the reference for comparison with data extracted by the device each time an individual requests access. Once the two data sets match, the individual gains access.


So, how do we select the appropriate biometrics to meet our needs?

Adoption/acceptance: The chosen type of biometric modality (facial, iris, fingerprints) depends on the use case’s security requirements and preferences, but can also be influenced by cultural habits, beliefs, or others.

Accuracy: With biometrics, trust is paramount. Users must trust and be confident that the system can positively identify them every time, all the time. It must be true whether one person or 10 000 people use the system, but it must also be true if using the system for verification (1:1) or for identification (1:n). The difference between verification and identification is simple but the complexity is exponential.

Verification happens when someone presents a token (card or badge) which is associated to a biometric template. In this case, the system will test the biometric data presented against the biometric template linked to the token number. With identification, no token is involved. The algorithm must determine if the person in front of the reader is indeed allowed or not. Identification is much more complicated and requires some specific expertise.

Anti-spoofing: Biometric equipment installed to provide a high level of access security must not be easily manipulated. It must therefore use efficient anti-spoofing hardware and software mechanisms, like false finger detection for a fingerprint reader and 3D/infrared cameras and image processing for facial recognition devices.

Algorithms: Together with hardware components like the sensor for a fingerprint device or cameras for facial recognition, algorithms provide the processing power and speed. We recommend selecting products from vendors that develop their own algorithms and that rank high in the very stringent NIS[1] evaluations.

Speed: High-speed processing is key for efficient operations, from an office building to a residential estate. The appropriate systems must offer throughput of at least 30 users per minute per device to provide fluidity and avoid queues. It is paramount when a large number of people need to get access or leave a site as quickly as possible (whether it be a 1000-person shift or resident(s) entering a community by car).

End-user convenience: This is key for user adoption. If users have trouble using a system or struggle to be identified first time, they will resist its use. This also includes changing conditions throughout the day. When a system functions identically with various light conditions, it saves much frustration for users.

Enrolment: This is a key process whereby user biometric features are first captured for subsequent authentications. This needs to be secure and frictionless.

Deployment: The bulk of the cost of deployment usually comes from integration with your existing PACS (physical access control systems) and doors, turnstiles, speed gates, etc. Therefore, to reduce deployment hazards leading to increased project complexity and costs, it is advisable to select vendors integrated with mainstream PACS and hardware providers and with a proven record of successful implementation.

OPEX: As with other systems, the TCO (total cost of ownership) and ROI (return on investment) have to be considered rather than the initial capital investment only. The TCO is impacted by criteria such as quality and reliability. Selecting vendors with field-proven experience and a strong support, maintenance and repair network is paramount for efficient support when needed.

Biometrics and the #newnormal

With concerns surrounding contamination from surfaces, contactless biometrics have gained traction in the #newnormal.

Facial recognition is a natural alternative that comes to mind, but the emergence of facial mask requirements, which cover part of the nose and the entire mouth and chin areas, poses a new challenge for facial recognition devices. Technology companies are currently re-training algorithms to take this new constraint into account and improve performances.

Iris capture devices that by definition only scan the users’ irises are not impacted by this constraint, but they have other drawbacks in terms of speed and throughput capabilities, as well as a less favourable user perception, that limits them to specific use cases (for instance surgery rooms or laboratories).

Contactless fingerprint capture devices are a very efficient alternative. There are various options on the market, with the IDEMIA MorphoWave Compact being one. 3D images of four fingerprints are captured in a quick and fully touchless hand movement above the sensor. This innovative technology is already widespread, as it can provide high throughput, is very accurate and enables immediate user adoption. It is currently the preferred solution for real estate complexes in South Africa.

With COVID-19, we experienced a notable demand increase for contactless biometric readers like MorphoWave that scans and verifies four fingerprints in less than a second through a fully touchless hand movement, and VisionPass, the 2020 SIA Award-winning facial recognition device, designed with clients and users and that features a 2D+3D+infrared camera set and advanced anti-spoofing mechanisms.

[1]National Institute of Standards and Technology https://www.nist.gov/


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Palm-vein biometric kiosks secure SAP at Transnet Engineering
Access Control & Identity Management Transport (Industry) Videos
Securing access to SAP is essential to avoid fraud or corruption. Ensuring that users can access the software quickly, easily, and conveniently to do their jobs is also essential.

Read more...
Empower individuals to control their biometric data
Information Security Access Control & Identity Management Security Services & Risk Management
What if your biometrics, now embedded in devices, workplaces, and airports, promising seamless access and enhanced security, was your greatest vulnerability in a cyberattack? Cybercriminals are focusing on knowing where biometric data is stored.

Read more...
Security industry embraces mobile credentials, biometrics and AI
AI & Data Analytics Access Control & Identity Management Integrated Solutions
As organisations navigate an increasingly complex threat landscape, security leaders are making strategic shifts toward unified platforms and emerging technologies, according to the newly released 2025 State of Security and Identity Report from HID.

Read more...
Nice launches DC Blue Astute garage door motor
Nice Group South Africa Technews Publishing News & Events Access Control & Identity Management Perimeter Security, Alarms & Intruder Detection
Nice Systems SA has launched the Nice DC Blue Astute, a garage door motor for the South African market featuring a pre-installed lithium-ion battery instead of traditional lead-acid batteries.

Read more...
Towards a global digital passport?
Access Control & Identity Management
In a world where borders are more connected and closely monitored, the idea of a universal digital passport could revolutionise how we travel, work, and even perceive citizenship.

Read more...
Empower individuals to control their biometric data
Information Security Access Control & Identity Management Security Services & Risk Management
What if your biometrics, now embedded in devices, workplaces, and airports, promising seamless access and enhanced security, was your greatest vulnerability in a cyberattack? Cybercriminals are focusing on knowing where biometric data is stored.

Read more...
A platform for access and identity at Securex 2025
Securex South Africa Access Control & Identity Management Facilities & Building Management
South African companies involved in supplying access control technology, security services, and data management are well-positioned to tap into the expanding access control market at Securex 2025.

Read more...
Background checks: risk levels and compliance
iFacts Access Control & Identity Management Security Services & Risk Management
Conducting background checks is a vital step in the hiring process for employers or when engaging service providers; however, it is crucial to understand the legal framework and regulations governing these checks.

Read more...
Insurance provider uses Net2 For access management
Paxton Access Control & Identity Management Integrated Solutions Healthcare (Industry)
BestMed selected Paxton Net2 for its access control requirements because of its simplicity of installation and ease of navigation for end users, as well as the 5-year warranty.

Read more...
Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...